commit fb11a96782eedfcc82f54a5a5542a32f70be95b8
author Akron <nils@diewald-online.de> Mon Oct 05 12:12:55 2020 +0200
committer Akron <nils@diewald-online.de> Mon Oct 05 12:12:55 2020 +0200
tree a394b9d556815daa967054c295c5dc787b3df51b
parent c58bfc4f2b1baba29bfa4669200b788da92c3943

Support different sandbox permissions on plugin registration (Fixes #112)

Change-Id: I0f99e378c44c6e53ac0a2f75727311864e73bf82

dev/js/spec/pluginSpec.js

diff --git a/dev/js/spec/pluginSpec.js b/dev/js/spec/pluginSpec.js
index 5cd7ce5..e2dab8f 100644
--- a/dev/js/spec/pluginSpec.js
+++ b/dev/js/spec/pluginSpec.js
@@ -237,11 +237,36 @@
       expect(p.element().querySelectorAll("iframe").length).toEqual(1);
       expect(p.element().querySelectorAll("div.view.widget").length).toEqual(1);
       expect(p.element().querySelectorAll("div.view.show.widget").length).toEqual(1);
+      expect(p.element().querySelector("iframe").getAttribute('sandbox')).toEqual('');
       
       manager.destroy();
 
       KorAP.Panel["result"] = undefined;
     });
+
+    it('should accept widget permissions', function () {
+      let p = KorAP.Panel["result"] = panelClass.create();
+      
+      let manager = pluginServerClass.create();
+
+      manager.register({
+        name : 'Check',
+        embed : [{
+          panel : 'result',
+          title : 'Add',
+          onClick : {
+            template : 'about:blank',
+            action : 'addWidget',
+            permissions: ['allow-scripts', 'allow-forms']
+          }
+        }]
+      });
+
+      let b = p.actions.element().firstChild;
+      b.click();
+      expect(p.element().querySelectorAll("iframe").length).toEqual(1);
+      expect(p.element().querySelector("iframe").getAttribute('sandbox')).toEqual('allow-forms allow-scripts');
+    });
   });
   
   describe('KorAP.Plugin.Widget', function () {
@@ -257,6 +282,8 @@
 
     it('should create a view element', function () {
       var widget = widgetClass.create("Test", "https://example", 56);
+      widget.allow("allow-scripts");
+      widget.allow("allow-forms");
       var we = widget.element();
 
       expect(we.tagName).toEqual("DIV");
@@ -265,10 +292,14 @@
 
       var iframe = we.firstChild;
       expect(iframe.tagName).toEqual("IFRAME");
-      expect(iframe.getAttribute("sandbox")).toEqual("allow-scripts allow-forms");
+      expect(iframe.getAttribute("sandbox")).toEqual("allow-forms allow-scripts");
       expect(iframe.getAttribute("src")).toEqual("https://example");
       expect(iframe.getAttribute("name")).toEqual("56");
 
+
+      widget.allow(["allow-downloads","allow-everything"]);
+      expect(iframe.getAttribute("sandbox")).toEqual("allow-downloads allow-everything allow-forms allow-scripts");
+      
       var btn = we.lastChild;
       expect(btn.classList.contains("button-group")).toBeTruthy();
       expect(btn.classList.contains("button-view")).toBeTruthy();
@@ -286,6 +317,18 @@
       expect(btn.lastChild.textContent).toEqual("Test");
     })
 
+    it('should have mutable permissions', function () {
+      var widget = widgetClass.create("Test", "https://example", 56);
+      var we = widget.element();
+      var iframe = we.firstChild;
+      expect(iframe.tagName).toEqual("IFRAME");
+      expect(iframe.getAttribute("sandbox")).toEqual("");
+      widget.allow("allow-scripts");
+      widget.allow("allow-forms");
+      expect(iframe.tagName).toEqual("IFRAME");
+      expect(iframe.getAttribute("sandbox")).toEqual("allow-forms allow-scripts");
+    });
+    
     it('should be resizable', function () {
       var widget = widgetClass.create("Test", "https://example", 56);
       var iframe = widget.show();